« SHARE Your Knowledge: Checking Out Laptops To Patrons | Main | Vanity plates for Facebook »

Protecting Patron Public PC Privacy

Hate to break it to your patrons, but Helga, the lonely Russian supermodel who emailed them out of the blue to say she thinks she might be their soulmate is lying and clicking on the link to her picture is a bad idea. Sorry.

While these particular steps won't help someone who clicks on that link, there are some simple things patrons can do to help protect their privacy when using a public PC at the library.  These are in order both by increasing security and, unfortunately, increasing time spent not using the PC.

  1. At an absolute minimum, patrons should log out of any social networking (Facebook, MySpace, etc), email, online banking or forum sites and then close the browser before their time is up.  Just closing out of the browser isn’t always enough.  This only takes a few seconds at the end of the session but can keep someone out of a patron's account on those sites even if the next person finds out where they've been.

    This is especially important when using Firefox on a PC with LibraryOnline.  The “session restore” feature, which is handy if your Firefox session crashes, can come back to haunt them since Firefox considers LibraryOnline’s logout a “crash” and tries to restore what had been on the screen.  Whoever opens Firefox next can get the previous patron’s pages back by clicking a button.

  2. Patrons really, really should log off of Windows at the end of their session.  The LibraryOnline software will automatically log a patron off at the end of their session, but PCs without that software should be logged off when a patron is done with their session.   While I can’t speak for PCs set up by the libraries, both LINK and patron PCs set up by Dan have security in place that is supposed to help “scrub” the PC when you log off.  This should get most, if not all, browser history and cookies off of the PC.  Logging off a PC and having it log back in often takes less than a minute. 

  3. Reboot the PC at the end of their session.  While logging off clears a lot of the previous patron’s information, it doesn’t do as thorough a job as actually rebooting the PC.  Rebooting a PC set up by SCLS should remove all files or changes a patron tried to make to a PC.  If you reboot the PC, you don’t need to log off first.  How long this takes depends on the PCs at your library.

  4. Reboot at the beginning of their session as well in case the previous user didn’t reboot the PC when they were done.  This way patrons should get a “clean” PC to start off with.


Yes, asking patrons to do these steps will cut into the amount of time they have available for using the PC, especially the last two.  However they will make using a public PC more secure for your patrons.

Comments

Feed You can follow this conversation by subscribing to the comment feed for this post.

http://www.channel3000.com/technology/21569629/detail.html?treets=c3k&tid=26510043733813&tml=c3k_12pm&tmi=c3k_12pm_1_12000211102009&ts=H

Hi, I found this interesting post about Facebook
Maggie

Great comment, Maggie!

The quizzes and applications on Facebook pull information from your profile, including everything you entered in the Info tab. That's what is says in the pop-up box when you add a new application/quiz. That's pretty much how you "pay" for the "free" application--with the information they get from your profile.

While every third party who is pulling profile information is supposed to adhere to rules set up by Facebook, the Facebook privacy page specifically states that they don't guarantee that the third parties do abide by the rules. http://www.facebook.com/policy.php

Sophos (the anti-virus software LINK uses) has a list of their recommended Facebook settings: http://www.sophos.com/security/best-practice/facebook.html

For personal profiles, I'd also recommend genericizing your profile a bit. Yes, it's going to make Facebook less personal and hinder some of the networking, but putting in something more generic like "A library" or even "A job" for your workplace will help protect against identity theft.

On a Facebook page for your library a lot of the recommendations above are too restrictive. The point is to get the information about your library out there after all. I would just avoid putting anyone's personal information into that profile. I would also think a library's profile would have limited exposure to the quizzes and other applications.

I'm not saying never allow any of the applications on your personal profile, but it's definitely something to keep in mind. If you know someone who is into any and every "send a picture of something cute/sparkly/seasonal to all your friends" application (not naming names 'cause with my luck they'd find this), it's probably best just to turn down those invitations.

Post a comment